000036891 - Listing the contents of the RSA Authentication Manager Java KeyStore (JKS) files

The Linux shell script must be executed with root privileges and requires the Operations Console username and password.

Installation

1. Download and copy the attached AMJKSlist.sh shell script into /tmp on the Authentication Manager instance in the deployment. Review the article on how to enable Secure Shell on the Appliance, if needed. Where SSH has been enabled, a secure FTP client, such as WinSCP can be used to copy the shell script into /tmp.
2. Change the permissions of the AMJKSlist.sh shell script so it can be executed at the command line:

chmod 755 /tmp/AMJKSlist.sh

Usage

1. Logon to the Authentication Manager instance with the rsaadmin account, either in an SSH session or at the local console.

Note that during Quick Setup a user name other than rsaadmin may have been selected. Use that user name to login.

2. Change the privileges of the rsaadmin account using the command:

sudo su -

You must be the root user to use this program; exiting...

3. Navigate to /tmp:

cd /tmp

4. The shell script can be executed in one of two ways, as Operations Console user credentials are required.

cd /tmp
./AMJKSlist.sh <Operations Console administrator name> <Operations Console administrator password>
Checking OC credentails.. 
OC credentials validated... redirecting to menu..

cd /tmp
./AMJKSlist.sh 
Checking OC credentials....missing OC credentials!
Please enter OC Administrator username: <enter Operations Console administrator name> 
Please enter OC Administrator password: <enter Operations Console administrator password> 
 
OC credentials validated... redirecting to menu..

5. The shell script menu displays:

RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option

Display JKS Passwords

RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java KeyStore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
1
Obtaining the JKS passwords..

SSL Client Identity Certificate Keystore File Password : CghsVPZIqimVOh7VTnf3LYbyoZ156H
SSL Server Identity Certificate Keystore File Password : lfN25RuibhUMUPToxfwir2eyFy066e
Root Certificate Keystore File Password : hWjA09JSGwRAxhh3UGydXcdLJ63Iw1
SSL Trust Store File Password : PmUzMsNOBP7UGcLhuELpfMAyb9h2fU

done!

Press any key to continue...

RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java Ketstore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
2
Obtaining the JKS passwords..done!
Generating the report..
Listing contents of /opt/rsa/am/server/security/DemoIdentity.jks to file..
Listing contents of /opt/rsa/am/server/security/biztier-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/caStore.jks to file..
Listing contents of /opt/rsa/am/server/security/console-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/trust.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/vh-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-identity.jks to file..
Listing contents of /opt/rsa/am/server/security/webserver-inactive.jks to file..
Listing contents of /opt/rsa/am/server/security/webtier-identity-webtier01.jks to file..
done!

Report filename : /tmp/AMJKS-report_201810301412.log

Press any key to continue...

RSA Customer Support (Asia Pacific)

Listing Authentication Manager Java Ketstore Contents

1) Display JKS Passwords
2) Generate a Report - JKS Contents
9) Exit

Please select an option
9
Bye!

Example Report

RSA Customer Support (Asia Pacific) (1412-30102018)

Listing Authentication Manager Java KeyStore Contents

Authentication Manager JKS Filename : /opt/rsa/am/server/security/DemoIdentity.jks

Authentication Manager JKS Filename : /opt/rsa/am/server/security/biztier-identity.jks


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: server_identity_key_webserver
Creation date: Oct 24, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: SERIALNUMBER=19a5d1309aa75cf8691381cb6a280aa3ca2be80fa83787e205756d77716f9f2b, CN=app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 59238e1417ac4b9cfd2a7dd9193b9ece
Valid from: Tue Oct 23 13:46:47 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  88:47:12:51:EA:4C:11:73:68:C1:27:0F:6A:1D:12:6B
         SHA1: EE:6E:36:31:CB:F9:8E:D0:49:71:22:DF:2A:8A:16:71:06:4E:D6:83
         SHA256: 6F:2B:49:98:D9:EC:7F:AC:F2:B4:B0:7B:C9:66:A3:35:97:D6:42:37:42:EC:6B:93:A5:B0:1B:D6:28:50:14:E9
         Signature algorithm name: SHA256withRSA
         Version: 3
Certificate[2]:
Owner: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Issuer: SERIALNUMBER=ca8b90357e5c73bc759f681735c258e96efbb72f50814403ffd0261e5dc700d3, CN=RSA root CA for app82p.csau.ap.rsa.net
Serial number: 4df353521ef573fd66bdc41bd67240c2
Valid from: Tue Oct 23 13:46:46 AEDT 2018 until: Thu Jan 01 00:00:00 AEDT 2037
Certificate fingerprints:
         MD5:  2B:D2:89:B6:C8:AF:6E:DE:AB:F3:68:F0:C6:68:11:79
         SHA1: E9:61:17:A2:E2:6A:D0:18:0D:2F:C2:6E:8E:C4:EF:56:F6:0A:40:47
         SHA256: 4D:E9:10:D3:D1:51:49:16:C0:36:D1:52:2F:D5:02:A6:8E:7D:9E:E9:60:AD:08:C8:21:0E:6E:64:E0:D8:B6:67
         Signature algorithm name: SHA256withRSA
         Version: 3


*******************************************
*******************************************

...
...
...